THALES BLOG

Building Security Resilience Against Quantum Threats: Embracing PQC in Five Steps

September 19, 2024

Shaun Chen Shaun Chen | AVP - Sales Engineering, APAC More About This Author >

The recent announcement by NIST regarding the finalization of post-quantum cryptography (PQC) standards marks a pivotal moment for organizations aiming to future-proof their data security against quantum threats. The three standards—FIPS 203 (Kyber for key encapsulation), FIPS 204 (Dilithium for digital signatures), and FIPS 205 (SPHINCS+ for stateless signatures)—are designed to bolster the security of cryptographic systems across various applications.

Building Security Resilience Against Quantum Threats: Embracing PQC in Five Steps

Preparing for PQC Adoption

To prepare for the adoption of PQC based on specific use cases and data sensitivity, organizations should consider the following steps:

1. Assess Data Sensitivity: Identify the data requiring the highest level of protection. Prioritize sensitive data, such as critical national security information, proprietary business data, or personal data, for encryption with PQC standards. The Thales Data Discovery and classification tool can aid in this process.

2. Evaluate Current Cryptographic Infrastructure: Identifying vulnerable cryptographic protocols is an essential step in the transition to PQC. A good starting point would be to review the existing cryptographic key assets in the current Key Management System (KMS) or Hardware Security Module (HSM). Most large enterprises safeguard their high-value cryptographic keys in these key stores to ensure protection and regulatory compliance. Thales CipherTrust Cloud Key Manager (CCKM) can be utilized to discover the key inventory in Luna HSM and on commercial clouds. Thales Luna HSM, with its market-leading FIPS 140-3 L3 certification, supports customer PQC adoption and compliance.

3. Develop a Migration Strategy: Create a roadmap for integrating PQC standards into systems, including timelines, resource allocation, and staff training on new protocols. Due to the widespread usage of public key infrastructure (PKI) and digital signing in modern IT infrastructure, migrating to PQC could be a substantial task. Studies have shown that the full migration to PQC for large banks could take up to 10 years. Early planning is crucial for the successful migration to PQC. Engaging with Thales security consultants and initiating PQC test kit testing is a strong starting point.

4. Implement Hybrid Approaches: Consider utilizing hybrid cryptographic systems that combine classical and post-quantum algorithms to ensure a smoother transition and immediate security enhancements. Industry leaders like Meta have adopted such an approach, which organizations should consider.

5. Stay Informed and Agile: Monitor developments in PQC and be prepared to adapt strategies as new standards and technologies emerge. Engaging with the cryptographic community can provide valuable insights and updates.

By proactively addressing these areas, organizations can effectively safeguard their data against the evolving landscape of quantum computing threats.

References: